Welcome Guest. | Log In | Register | Membership Benefits
  • |   Email this page E-mail
  • |  Print Print
  • |   Bookmark and Share

Hacktivists Turn To DNS Hijacking

Coach, UFC fall victim to attacks that redirect their Web traffic

Jan 26, 2012 | 03:38 AM | 

By Tim Wilson
Dark Reading
Hacktivists have added a new tactic to their arsenal: redirecting all of the traffic from a target company's website.

According to a blog written by security expert Lars Harvey of IID, politically motivated attackers are now using DNS hijacks, which redirect all the traffic from a victim's legitimate website (and often all the email and back-end transactions, too) to a destination of the attacker's choosing.

"A determined criminal can set up a fake look-alike destination site to dupe customers into revealing credentials or downloading malware," Harvey states.

Many companies pay little, if any, attention to securing their domain registrations, and most do not continuously monitor their DNSes to make sure they're resolving properly around the world, making them vulnerable to attack, the blog says.

"The first indication most victims have of a DNS hijack is that their website traffic slows to a trickle," Harvey reports. "Then they have to figure out why, and DNS is rarely the first thing they think of, which lengthens the time to mitigate the attack."

On Sunday, the domain name UFC.com was hijacked by a hacktivist group that apparently didn't like the mixed-martial arts company fighting the organization's support of the SOPA/PIPA online piracy bills, IID reports. On Monday evening that same group, called UGNazi, hijacked two domain names, coach.com and coachfactory.com, belonging to luxury goods maker Coach Inc., for the same reason.

"Thankfully, both DNS hijack attacks were defeated within a few hours," the blog states. "In the Coach case, it appears that the legitimate hosting company where the hijacked domain was redirected to noticed the large influx of new traffic, quickly determined its nefarious source and helped get the problem fixed."

It could have been worse, Harvey says. "Both Coach and UFC got lucky that the hacktivist criminals are apparently inexperienced in the matter of DNS hijackings, which made it relatively easy to mitigate the attacks," he states.

Both Coach and UFC registered their domains at Network Solutions, IID reports. "The criminals hijacked the domains by accessing the companies' domain management accounts at Network Solutions," the blog states. "It's currently unclear how they did so. In such cases, the cause is usually weak or compromised user passwords, or a website vulnerability at the registrar. Since very few registrars use multifactor authentication, this makes taking over domain names almost trivially easy for any hacker."

Companies should have their domains registered at a corporate domain registrar, rather than a registrar that caters primarily to individuals, IID advises. "[Corporate] registrars have designed their services to serve companies, and provide levels of security and service that make it much more difficult for an attacked to hijack your domain," the blog says. "If your corporate domains are registered at consumer-focused registrars like GoDaddy, Network Solutions, and Register.com, then you are much more vulnerable to attack."

Companies also should continuously monitor their DNSes so they can be immediately alerted of attacks, says IID, which offers such a monitoring service.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dark Reading encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dark Reading moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Dark Reading further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS



Advanced Threats Reports

report Smarter, Stealthier, Sneakier Malware
Increasingly sophisticated and targeted attacks are making it more difficult for organizations to detect and defend against the latest malware. In this compendium of recent coverage from Dark Reading, you?ll get a look at some of the newest -- and most dangerous -- malware on the Web, and what you can do to stop it.

report Secure Software Development Lifecycles: Reducing Risk Throughout the App Dev Process
The application layer has long topped the attacker hit list, and we continue to hear about data breaches exploiting software vulnerabilities. Yet secure application development remains a low priority in most enterprises. In this report, we provide a blueprint for making security an integral part of the software development life cycle.

report Stuxnet Reality Check: Are You Prepared for a Similar Attack?
Stuxnet is a sophisticated, targeted weapon that proved utilities' seemingly isolated SCADA networks could be compromised, potentially disrupting energy production and distribution. In this report, we'll explain how Stuxnet penetrated Iranian nuclear facilities and propagated through their networks, and guide you in protecting against a comparable attack on your organization.

Other reports from the Advanced Threats Tech Center:

Related Content

Proactively Eliminate Risk in Software: HP Fortify Software Security Center
With business software virtually accessible from anywhere, applications now overreach standard perimeter defenses. Enterprises are finding that the effective way to secure software is by employing a Software Security Assurance (SSA) program to proactively eradicate risk.

Expert Guide to Application Security - Real-time Hybrid Analysis
Explore the next generation of hybrid security analysis - what it is, how it works, and its benefits. This white paper details how hybrid application security enables organizations to resolve critical software security issues faster and at a lower cost than any other available technology.

A Mainstay Partners Study: Does Application Security Pay?
Measuring the Business Impact of Software Security Assurance Solutions: a study of 17 organizations that implemented solutions from Fortify Software, combining industry research and benchmark analysis to identify, qualify, and quantify the full range of benefits seen from their SSA investments.

Aberdeen Benchmark Report: Securing Your Applications
Is application security actually "free?" Aberdeen's research confirms that the annual cost of application security initiatives is outweighed by the benefits. Review how all respondents, from Best-in-Class to Laggards, experienced a positive return on their annual application security investments.

White Paper: Rationalizing AppSec Using Fortify
An evaluation of Fortify's software security assurance (SSA) solutions in context of the cumulative impact of software security vulnerabilities and the investments made to address them. Read IANS' assessment and key insights from end users in real-world enterprise software development environments.